90 matches found
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
UBUNTU-CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
CVE-2024-51504 affects ZooKeeper Admin Server via IPAuthenticationProvider. Default IP detection uses HTTP headers (X-Forwarded-For) and can be spoofed, leading to authentication bypass for IP-based auth. Admin commands like snapshot/restore may be exploited after bypass. Impact: potential inform...
CVE-2024-51504 Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
CVE-2024-51504
When using IPAuthenticationProvider in ZooKeeper Admin Server there is a possibility of Authentication Bypass by Spoofing -- this only impacts IP based authentication implemented in ZooKeeper Admin Server. Default configuration of client's IP address detection in IPAuthenticationProvider, which...
Apache Zookeeper Security Vulnerability
Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...
Net Titanium Technology idcCMS Security Breach
Net Titanium Technology idcCMS (Net Titanium IDC Cloud Management Agent System) is a cloud management agent system from China's Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.35, which was discovered to contain a cross-site...
com.netcetera.girders.demos:girders-demo-adminserver (>=6.0.0 <=6.1.0), com.senzhikong:depend-cloud-monitor (>=1.1.0 <=1.1.1) +11 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=3.0.0 <=3.1.1)
de.codecentric:spring-boot-admin-server MAVEN version =3.0.0, =6.0.0, =1.1.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =7.0.0-RC4, =7.0.0-RC6 Source cves: CVE-2023-38286 Source advisory: OSV:GHSA-7GJ7-224W-VPR3...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), cn.home1:oss-admin (>=1.0.6.OSS <=1.0.7.OSS) +56 more potentially affected by CVE-2023-38286 via de.codecentric:spring-boot-admin-server (>=1.0.2 <=2.7.15)
de.codecentric:spring-boot-admin-server MAVEN version =1.0.2, =0.5.0, =1.0.6.OSS, =1.2.3-RELEASE, =3.0.3.RELEASE, =1.0.0, =1.1.3, =3.0.10, =1.0.0, =5.0.18, =1.5.0-Beta, =1.5.1-RC - com.wudgaby.platform:health-admin-server =1.0.5 and more Source cves: CVE-2023-38286 Source advisory:...
ai.foremast.metrics:foremast-spring-boot-k8s-metrics-starter (>=0.1.2 <=0.2.0), ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24) +5083 more potentially affected by CVE-2023-20873 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=2.0.0.RELEASE <=2.5.14)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =2.0.0.RELEASE, =0.1.2, =0.5.0, =0.5.21, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.24 and more Source cves: CVE-2023-20873 Source advisory: OSV:GHSA-G5H3-W5...
Malicious code in fxa-admin-server (npm)
Source: ghsa-malware eea90520b4800eeeb089157ac4413f03f7f2624478b5420eb886c87e530c6b47 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =2.1.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0...
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
Design/Logic Flaw
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
CVE-2019-3556
The CVE-2019-3556 issue affects HHVM where the admin server’s dump-pcre-cache handler accepts an unvalidated filesystem path parameter, enabling a malicious user to overwrite arbitrary files with the privileges of the HHVM user. This can write to arbitrary locations and is tied to HHVM versions: ...
ai.tock:bot-test (>=20.9.3 <=21.9.2), ai.tock:bot-test-base (>=20.9.3 <=21.9.2) +1431 more potentially affected by CVE-2021-27568 via net.minidev:json-smart (>=1.0.6.3 <=1.3.1)
net.minidev:json-smart MAVEN version =1.0.6.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =20.9.3, =0.0.13, =1.13.3, =1.15.0 - bio.ferlab:datalake-spark302.12 =0.2.39 and more Source cves: CVE-2021-27568 Source advisory: OSV:GHSA-V528-7HRM-F...